From 401db4b0c56704f956bc52e59da5ca76be387fda Mon Sep 17 00:00:00 2001 
From: Connor Wilson Date: Tue, 8 Mar 2016 21:12:47 +0000 Subject: [PATCH] Initial changes to directory structure --- .gitignore | 3 +- .idea/SecGen.iml | 79 ++++++++++++++ .idea/vcs.xml | 6 ++ Gemfile | 11 +- config/config | 1 + lib/xml/boxes.xml => config/scenario.xml | 9 +- Vagrantfile => lib/Vagrantfile | 2 +- lib/constants.rb | 18 ++++ filecreator.rb => lib/filecreator.rb | 8 +- lib/helpers/vulnerability_processor.rb | 78 ++++++++++++++ lib/objects/vulnerability.rb | 25 +++++ lib/puppet_shared/puppet_shared | 1 + system.rb => lib/system.rb | 100 ++---------------- systemreader.rb => lib/systemreader.rb | 8 +- vagrant.rb => lib/vagrant.rb | 0 modules/modules | 1 + .../data}/vsftpd-2.3.4.tar.gz | Bin .../puppet/manifest/ftpbackdoor.pp | 1 + .../puppet/module}/install.pp | 2 +- .../scripts}/copyvsftpd.sh | 0 .../scripts}/startvsftpd.sh | 0 .../vsftpd_234_backdoor/secgen_metadata.xml | 19 ++++ .../unix/misc/distcc_exec/data}/distcc.erb | 0 .../unix/misc/distcc_exec/puppet}/config.pp | 2 +- .../unix/misc/distcc_exec/secgen_metadata.xml | 16 +++ mount/puppet/manifests/.webserver.pp.swp | Bin 12288 -> 0 bytes mount/puppet/manifests/ftp.pp | 8 -- .../modules/cleanup/manifests/config.pp | 23 ++-- securitysimulator.rb => secgen.rb | 22 ++-- {lib/tests => tests}/checkifequal.rb | 4 +- .../helpers/vulnerability_processor_tests.rb | 91 ++++++++++++++++ {lib/xml => xml}/bases.xml | 2 +- {lib/xml => xml}/networks.xml | 2 +- {lib/xml => xml}/services.xml | 0 {lib/xml => xml}/vulns.xml | 11 +- 35 files changed, 397 insertions(+), 156 deletions(-) create mode 100644 .idea/SecGen.iml create mode 100644 .idea/vcs.xml create mode 100644 config/config rename lib/xml/boxes.xml => config/scenario.xml (76%) rename Vagrantfile => lib/Vagrantfile (98%) create mode 100644 lib/constants.rb rename filecreator.rb => lib/filecreator.rb (83%) create mode 100644 lib/helpers/vulnerability_processor.rb create mode 100644 lib/objects/vulnerability.rb create mode 100644 
lib/puppet_shared/puppet_shared rename system.rb => lib/system.rb (66%) rename systemreader.rb => lib/systemreader.rb (85%) rename vagrant.rb => lib/vagrant.rb (100%) create mode 100644 modules/modules rename {mount/files/shell => modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/data}/vsftpd-2.3.4.tar.gz (100%) create mode 100644 modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/manifest/ftpbackdoor.pp rename {mount/puppet/modules/vsftpdbackdoor/manifests => modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/module}/install.pp (92%) rename {mount/files/shell => modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/scripts}/copyvsftpd.sh (100%) rename {mount/files/shell => modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/scripts}/startvsftpd.sh (100%) create mode 100644 modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml rename {mount/puppet/modules/distcc/templates => modules/vulnerabilities/unix/misc/distcc_exec/data}/distcc.erb (100%) rename {mount/puppet/modules/distcc/manifests => modules/vulnerabilities/unix/misc/distcc_exec/puppet}/config.pp (86%) create mode 100644 modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml delete mode 100644 mount/puppet/manifests/.webserver.pp.swp delete mode 100644 mount/puppet/manifests/ftp.pp rename securitysimulator.rb => secgen.rb (74%) rename {lib/tests => tests}/checkifequal.rb (93%) create mode 100644 tests/helpers/vulnerability_processor_tests.rb rename {lib/xml => xml}/bases.xml (98%) rename {lib/xml => xml}/networks.xml (94%) rename {lib/xml => xml}/services.xml (100%) rename {lib/xml => xml}/vulns.xml (87%) diff --git a/.gitignore b/.gitignore index 263f6c73f..dba1a3806 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ -projects/** +projects unusedcode .DS_Store +.idea diff --git a/.idea/SecGen.iml b/.idea/SecGen.iml new file mode 100644 index 000000000..3d46ca15e --- /dev/null +++ b/.idea/SecGen.iml 
@@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 000000000..94a25f7f4 --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/Gemfile b/Gemfile index 26a4f1477..13318bc79 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,10 @@ -source "https://rubygems.org" +source 'https://rubygems.org' +#production gems go here +gem 'nokogiri' +gem 'xml-simple' -gem "nokogiri" +#development only gems go here +group :test, :development do + gem 'minitest' + gem 'rake' +end \ No newline at end of file diff --git a/config/config b/config/config new file mode 100644 index 000000000..e21cf80f2 --- /dev/null +++ b/config/config @@ -0,0 +1 @@ +Configuration will go here diff --git a/lib/xml/boxes.xml b/config/scenario.xml similarity index 76% rename from lib/xml/boxes.xml rename to config/scenario.xml index c402da719..4e6c900f4 100644 --- a/lib/xml/boxes.xml +++ b/config/scenario.xml @@ -2,9 +2,7 @@ - - @@ -18,13 +16,14 @@ - + + diff --git a/Vagrantfile b/lib/Vagrantfile similarity index 98% rename from Vagrantfile rename to lib/Vagrantfile index d8436b783..5c9ed42db 100644 --- a/Vagrantfile +++ b/lib/Vagrantfile @@ -25,7 +25,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # using a specific IP. # config.vm.network "private_network", ip: "192.168.33.10" - # Create a public network, which generally matched to bridged network. + # Create a public misc, which generally matched to bridged misc. # Bridged networks make the machine appear as another physical device on # your network. # config.vm.network "public_network" diff --git a/lib/constants.rb b/lib/constants.rb new file mode 100644 index 000000000..f03587f1c --- /dev/null +++ b/lib/constants.rb 
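Review bot: The gems added in the Gemfile hunk (`nokogiri`, `xml-simple`, `minitest`, `rake`) have no version constraints, and no Gemfile.lock appears in this commit's file list, so unless a lockfile is already tracked each `bundle install` resolves to whatever is newest that day. Both production gems parse the scenario and module XML, so an unreviewed upgrade changes parser behaviour directly. Consider a tested range per gem, e.g. `gem 'nokogiri', '~> <tested version>'`, and committing Gemfile.lock so upgrades are deliberate.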
@@ -0,0 +1,18 @@
+#FILE CONSTANTS
+ROOT_DIR = File.expand_path('../../../SecGen',__FILE__)
+SCENARIO_XML = "#{ROOT_DIR}/config/scenario.xml"
+NETWORKS_XML = "#{ROOT_DIR}/xml/networks.xml"
+VULN_XML = "#{ROOT_DIR}/xml/vulns.xml"
+SERVICES_XML = "#{ROOT_DIR}/xml/services.xml"
+BASE_XML = "#{ROOT_DIR}/xml/bases.xml"
+MOUNT_DIR = "#{ROOT_DIR}/mount/"
+
+#PATH CONSTANTS
+MODULES_PATH = "#{ROOT_DIR}/modules/"
+VULNERABILITIES_PATH = "#{ROOT_DIR}/modules/vulnerabilities/"
+
+#ERROR CONSTANTS
+VULN_NOT_FOUND = "Matching vulnerability was not found please check the xml scenario.xml"
+
+#RUNTIME_CONSTANTS
+AVAILABLE_CVE_NUMBERS = []
diff --git a/filecreator.rb b/lib/filecreator.rb
similarity index 83%
rename from filecreator.rb
rename to lib/filecreator.rb
index 44918ad07..18decb6a1 100644
--- a/filecreator.rb
+++ b/lib/filecreator.rb
@@ -1,5 +1,5 @@
 require 'erb'
-require_relative 'system.rb'
+require_relative 'constants'
 VAGRANT_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/vagrantbase.erb"
@@ -36,9 +36,9 @@ class FileCreator File.open("#{PROJECTS_DIR}/Project#{build_number}/Vagrantfile", 'w') { |file| file.write(vagrant_template.result(controller.get_binding)) }
- report_template = ERB.new(File.read(REPORT_TEMPLATE_FILE), 0, '<>')
- puts "#{PROJECTS_DIR}/Project#{build_number}/Report file has been created"
- File.open("#{PROJECTS_DIR}/Project#{build_number}/Report", 'w'){ |file| file.write(report_template.result(controller.get_binding)) }
+ #report_template = ERB.new(File.read(REPORT_TEMPLATE_FILE), 0, '<>')
+ #puts "#{PROJECTS_DIR}/Project#{build_number}/Report file has been created"
+ #File.open("#{PROJECTS_DIR}/Project#{build_number}/Report", 'w'){ |file| file.write(report_template.result(controller.get_binding)) }
 return build_number end
diff --git a/lib/helpers/vulnerability_processor.rb b/lib/helpers/vulnerability_processor.rb
new file mode 100644
index 000000000..09509e123
--- /dev/null
+++ b/lib/helpers/vulnerability_processor.rb
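Review bot: `ROOT_DIR = File.expand_path('../../../SecGen',__FILE__)` in lib/constants.rb only resolves to the repository root when the checkout directory is literally named `SecGen`. In a clone under any other name, every derived path (SCENARIO_XML, VULNERABILITIES_PATH and the rest) points into a sibling directory that may not exist or may hold different content. `ROOT_DIR = File.expand_path('../..', __FILE__)` yields the same root without depending on the directory name. `AVAILABLE_CVE_NUMBERS = []` is a mutable top-level constant; if it is meant to be filled at runtime a comment naming who populates it would help, otherwise add `.freeze`.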
@@ -0,0 +1,78 @@ +require_relative '../../lib/constants' #CW - Could this only be included in secgen.rb and have the constants initialized at runtime? +require_relative '../../lib/objects/vulnerability' +require 'nokogiri' +require 'xmlsimple' + +class VulnerabilityProcessor + # returns a hash of compatible vulnerabilities based on what is provided in scenario.xml (scenario_vulns) + # based on the attributes optionally specified in scenario.xml (scenario_vulns) + def process(scenario_vulns) + + return_vulns = {} + + all_vulnerabilities = get_vulnerabilities_array + + scenario_vulns.each do |vulnerability_query| + # select based on selected type, access, cve... + search_list = all_vulnerabilities.clone + # shuffle order of available vulnerabilities + search_list.shuffle! + # remove all the vulns that don't match the current selection (type, etc) + if vulnerability_query.type.length > 0 + puts "Searching for vulnerability matching type: " + vulnerability_query.type + search_list.delete_if{|x| x.type != vulnerability_query.type} + end + if vulnerability_query.access.length > 0 + puts "Searching for vulnerability matching access: " + vulnerability_query.access + search_list.delete_if{|x| x.access != vulnerability_query.access} + end + if vulnerability_query.cve.length > 0 + puts "Searching for vulnerability matching CVE: " + vulnerability_query.cve + search_list.delete_if{|x| x.cve != vulnerability_query.cve} + end + + if search_list.length == 0 + puts VULN_NOT_FOUND + puts "(note: you can only have one of each type of vulnerability per system)" + exit + else + # use from the top of the top of the randomised list + return_vulns[vulnerability_query.id] = search_list[0] + if search_list[0].type.length > 0 + puts "Selected vulnerability : " + search_list[0].type + end + + # enforce only one of any vulnerability type (remove from available) + search_list.delete_if{|x| x.type == vulnerability_query.type} + end + end + + return return_vulns.values + + + end + + def 
get_vulnerabilities_array + vulnerabilities = [] + Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/**/**/secgen_metadata.xml").each do |file| + vulnerability_hash = XmlSimple.xml_in(file, {}) + vulnerability = convert_vulnerability_hash_to_vulnerability_object(vulnerability_hash) + vulnerabilities.push(vulnerability) + end + + return vulnerabilities + end + + def convert_vulnerability_hash_to_vulnerability_object(vulnerability_hash) + return Vulnerability.new( + vulnerability_hash['type'], + vulnerability_hash['privilege'], + vulnerability_hash['access'], + vulnerability_hash['puppets'], + vulnerability_hash['details'], + vulnerability_hash['ports'], + vulnerability_hash['cve'], + vulnerability_hash['files'], + vulnerability_hash['scripts']) + end +end \ No newline at end of file diff --git a/lib/objects/vulnerability.rb b/lib/objects/vulnerability.rb new file mode 100644 index 000000000..372066e0c --- /dev/null +++ b/lib/objects/vulnerability.rb @@ -0,0 +1,25 @@ +class Vulnerability + attr_accessor :type, :privilege, :access ,:puppets, :details, :ports, :cve, :files, :scripts + + def eql? other + # checks if type matches vulns.xml from scenario.xml + other.kind_of?(self.class) && @type == other.type + end + + def initialize(type="", privilege="", access="", puppets=[], details="", ports=[], cve="", files=[], scripts=[]) + @type = type + @privilege = privilege + @access = access + @puppets = puppets + @details = details + @ports = ports + @cve = cve + @files = files + @scripts = scripts + end + + def id + return @type + @privilege + @access + end + + end diff --git a/lib/puppet_shared/puppet_shared b/lib/puppet_shared/puppet_shared new file mode 100644 index 000000000..948138ac7 --- /dev/null +++ b/lib/puppet_shared/puppet_shared @@ -0,0 +1 @@ +The new mount \ No newline at end of file diff --git a/system.rb b/lib/system.rb similarity index 66% rename from system.rb rename to lib/system.rb index 671bea68d..ad38614b9 100644 --- a/system.rb +++ b/lib/system.rb 
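Review bot: The "enforce only one of any vulnerability type" step in `VulnerabilityProcessor#process` no longer has any effect, because `search_list.delete_if{|x| x.type == vulnerability_query.type}` removes from the per-iteration clone, which is discarded when the next query re-clones `all_vulnerabilities`. The `VulnerabilityManager` code this replaces deleted from a list that persisted across iterations, so two queries that differ only in access or CVE can now both resolve to the same type on one system. To keep the old constraint, delete from the shared pool: `all_vulnerabilities.delete_if{|x| x.type == vulnerability_query.type}`. The new same-type test appears to pass only because identical queries share one `return_vulns` key, so it would need revisiting with that fix. The not-found branch also switched from `STDERR.puts` to `puts` with a bare `exit` (status 0); `exit 1` would let callers detect the failure.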
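Review bot: `Vulnerability` in lib/objects/vulnerability.rb overrides `eql?` but drops the `hash` method that the class had in system.rb, so two objects that are `eql?` will normally hash differently. Anything that relies on hashing (Hash keys, `uniq`, array `&` as NetworkManager uses for networks) would then treat equal vulnerabilities as distinct. Restore `def hash; @type.hash; end` next to `eql?`.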
@@ -1,13 +1,6 @@ require 'nokogiri' -# assign constants -ROOT_DIR = File.dirname(__FILE__) +require_relative 'constants' -BOXES_XML = "#{ROOT_DIR}/lib/xml/boxes.xml" -NETWORKS_XML = "#{ROOT_DIR}/lib/xml/networks.xml" -VULN_XML = "#{ROOT_DIR}/lib/xml/vulns.xml" -SERVICES_XML = "#{ROOT_DIR}/lib/xml/services.xml" -BASE_XML = "#{ROOT_DIR}/lib/xml/bases.xml" -MOUNT_DIR = "#{ROOT_DIR}/mount/" class System # can access from outside of class @@ -53,7 +46,7 @@ class Network end def eql? other - # checks if name matches networks.xml from boxes.xml + # checks if name matches networks.xml from scenario.xml other.kind_of?(self.class) && @name == other.name end @@ -88,7 +81,7 @@ end class ServiceManager # secure services are randomly selected from the definitions in services.xml (secure_services) - # based on the attributes optionally specified in boxes.xml (want_services) + # based on the attributes optionally specified in scenario.xml (want_services) # However, if the service type has already had a vulnerability assigned (selected_vulns), it is ignored here def self.process(want_services, secure_services, selected_vulns=[]) return_services = {} @@ -116,7 +109,7 @@ class ServiceManager end if search_list.length == 0 - STDERR.puts "Matching service was not found please check the xml boxes.xml" + STDERR.puts "Matching service was not found please check the xml scenario.xml" STDERR.puts "(note: you can only have one of each type of service per system)" exit else 
@@ -135,13 +128,13 @@ class ServiceManager end class NetworkManager - # the user will either specify a blank network type or a knownnetwork type + # the user will either specify a blank misc type or a knownnetwork type def self.process(networks,valid_network) new_networks = {} # intersection of valid networks / user defined networks legal_networks = valid_network & networks networks.each do |network| - # checks to see string is blank if so valid network into a new hash map of vulnerabilities + # checks to see string is blank if so valid misc into a new hash map of vulnerabilities if network.name == "" random = valid_network.sample new_networks[random.id] = random @@ -151,14 +144,14 @@ class NetworkManager legal_networks.shuffle.each do |valid| if network.name == valid.name network.range = valid.range unless not network.range.empty? - # valid network into a new hash map of networks + # valid misc into a new hash map of networks new_networks[network.id] = network has_found = true break end end if not has_found - p "Network was not found please check the xml boxes.xml" + p "Network was not found please check the xml scenario.xml" exit end end 
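Review bot: The comments in `NetworkManager.process` now read "blank misc type" and "valid misc into a new hash map", which looks like an automated rename of "network" to "misc" leaking into prose. The same substitution shows up in the `Conf` comment in the later hunk ("misc.xml", while the file is still networks.xml) and in the lib/Vagrantfile comment ("Create a public misc"). Suggest restoring the original wording, e.g. `# the user will either specify a blank network type or a known network type`, so the comments match the code and file names.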
@@ -181,83 +174,8 @@ class BaseManager end end -class Vulnerability - attr_accessor :type, :privilege, :access ,:puppets, :details, :ports, :cve - - def eql? other - # checks if type matches vulns.xml from boxes.xml - other.kind_of?(self.class) && @type == other.type - end - - def hash - @type.hash - end - - def initialize(type="", privilege="", access="", puppets=[], details="", ports=[], cve="") - @type = type - @privilege = privilege - @access = access - @puppets = puppets - @details = details - @ports = ports - @cve = cve - end - - def id - return @type + @privilege + @access - end - -end - -class VulnerabilityManager - # vulnerabilities are randomly selected from the definitions in vulns.xml (all_vulns) - # based on the attributes optionally specified in boxes.xml (want_vulns) - def self.process(want_vulns, all_vulns) - return_vulns = {} - - legal_vulns = all_vulns.clone - want_vulns.each do |vulnerability_query| - # select based on selected type, access, cve... - - # copy vulns array - search_list = legal_vulns.clone - # shuffle order of available vulnerabilities - search_list.shuffle! 
- # remove all the vulns that don't match the current selection (type, etc) - if vulnerability_query.type.length > 0 - puts "Searching for vulnerability matching type: " + vulnerability_query.type - search_list.delete_if{|x| x.type != vulnerability_query.type} - end - if vulnerability_query.access.length > 0 - puts "Searching for vulnerability matching access: " + vulnerability_query.access - search_list.delete_if{|x| x.access != vulnerability_query.access} - end - if vulnerability_query.cve.length > 0 - puts "Searching for vulnerability matching CVE: " + vulnerability_query.cve - search_list.delete_if{|x| x.cve != vulnerability_query.cve} - end - - if search_list.length == 0 - STDERR.puts "Matching vulnerability was not found please check the xml boxes.xml" - STDERR.puts "(note: you can only have one of each type of vulnerability per system)" - exit - else - # use from the top of the top of the randomised list - return_vulns[vulnerability_query.id] = search_list[0] - if search_list[0].type.length > 0 - puts "Selected vulnerability : " + search_list[0].type - end - - # enforce only one of any vulnerability type (remove from available) - legal_vulns.delete_if{|x| x.type == vulnerability_query.type} - end - end - return return_vulns.values - end -end - class Conf - # this class uses nokogiri to grab all of the information from network.xml, bases.xml, and vulns.xml + # this class uses nokogiri to grab all of the information from misc.xml, bases.xml, and vulns.xml # then adds them to their specific class to do checking for legal in Manager.process def self.networks if defined? @@networks diff --git a/systemreader.rb b/lib/systemreader.rb similarity index 85% rename from systemreader.rb rename to lib/systemreader.rb index 4b9d0d103..79e568dcd 100644 --- a/systemreader.rb +++ b/lib/systemreader.rb 
@@ -1,12 +1,14 @@ require_relative 'system.rb' - +require_relative 'objects/vulnerability' +require_relative 'helpers/vulnerability_processor' class SystemReader # initializes systems xml from BOXES_XML const def initialize(systems_xml) @systems_xml = systems_xml + @vulnerability_processor = VulnerabilityProcessor.new end - # uses nokogiri to extract all system information from boxes.xml will add it to the system class after + # uses nokogiri to extract all system information from scenario.xml will add it to the system class after # checking if the vulnerabilities / networks exist from system.rb def systems systems = [] @@ -46,7 +48,7 @@ class SystemReader puts "Processing system: " + id # vulns / networks are passed through to their manager and the program will create valid vulnerabilities / networks # depending on what the user has specified these two will return valid vulns to be used in vagrant file creation. - new_vulns = VulnerabilityManager.process(vulns, Conf.vulnerabilities) + new_vulns = @vulnerability_processor.process(vulns) #puts new_vulns.inspect new_networks = NetworkManager.process(networks, Conf.networks) diff --git a/vagrant.rb b/lib/vagrant.rb similarity index 100% rename from vagrant.rb rename to lib/vagrant.rb diff --git a/modules/modules b/modules/modules new file mode 100644 index 000000000..043a763d3 --- /dev/null +++ b/modules/modules @@ -0,0 +1 @@ +Vulnerabilities, Services, Users, Bases and Networks will go in here \ No newline at end of file diff --git a/mount/files/shell/vsftpd-2.3.4.tar.gz b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/data/vsftpd-2.3.4.tar.gz similarity index 100% rename from mount/files/shell/vsftpd-2.3.4.tar.gz rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/data/vsftpd-2.3.4.tar.gz 
diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/manifest/ftpbackdoor.pp b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/manifest/ftpbackdoor.pp new file mode 100644 index 000000000..e28968771 --- /dev/null +++ b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/manifest/ftpbackdoor.pp @@ -0,0 +1 @@ +include vsftpdbackdoor::install \ No newline at end of file diff --git a/mount/puppet/modules/vsftpdbackdoor/manifests/install.pp b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/module/install.pp similarity index 92% rename from mount/puppet/modules/vsftpdbackdoor/manifests/install.pp rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/module/install.pp index 74bcbd770..94889f104 100644 --- a/mount/puppet/modules/vsftpdbackdoor/manifests/install.pp +++ b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/puppet/module/install.pp @@ -1,4 +1,4 @@ - #copies and unpacks vsftpd saves it to usr/local/sbin and executes it for startup + #copies and unpacks vsftpd_234_backdoor saves it to usr/local/sbin and executes it for startup class vsftpdbackdoor::install { exec { 'unzip-vsftpd': command => 'tar xzf vsftpd-2.3.4.tar.gz && mv vsftpd-2.3.4 /home/vagrant/vsftpd-2.3.4', diff --git a/mount/files/shell/copyvsftpd.sh b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/scripts/copyvsftpd.sh similarity index 100% rename from mount/files/shell/copyvsftpd.sh rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/scripts/copyvsftpd.sh diff --git a/mount/files/shell/startvsftpd.sh b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/scripts/startvsftpd.sh similarity index 100% rename from mount/files/shell/startvsftpd.sh rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/scripts/startvsftpd.sh 
diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml new file mode 100644 index 000000000..9de92de61 --- /dev/null +++ b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml @@ -0,0 +1,19 @@ + + + install.pp + ftpbackdoor.pp + + + vsftpd-2.3.4.tar.gz + + + + + + \ No newline at end of file diff --git a/mount/puppet/modules/distcc/templates/distcc.erb b/modules/vulnerabilities/unix/misc/distcc_exec/data/distcc.erb similarity index 100% rename from mount/puppet/modules/distcc/templates/distcc.erb rename to modules/vulnerabilities/unix/misc/distcc_exec/data/distcc.erb diff --git a/mount/puppet/modules/distcc/manifests/config.pp b/modules/vulnerabilities/unix/misc/distcc_exec/puppet/config.pp similarity index 86% rename from mount/puppet/modules/distcc/manifests/config.pp rename to modules/vulnerabilities/unix/misc/distcc_exec/puppet/config.pp index 74ae28408..27b46bd18 100644 --- a/mount/puppet/modules/distcc/manifests/config.pp +++ b/modules/vulnerabilities/unix/misc/distcc_exec/puppet/config.pp @@ -11,7 +11,7 @@ class distcc::config { owner => 'root', group => 'root', mode => '0777', - content => template('distcc/distcc.erb') + content => template('../data/distcc.erb') } diff --git a/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml b/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml new file mode 100644 index 000000000..5194f5e8b --- /dev/null +++ b/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml @@ -0,0 +1,16 @@ + + + distcc.pp + + + distcc.erb + + + + \ No newline at end of file 
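Review bot: `content => template('../data/distcc.erb')` in distcc_exec/puppet/config.pp is unlikely to resolve, because Puppet's `template()` takes either `<module>/<file>` (looked up in that module's templates directory) or an absolute path, not a path relative to the manifest. Unless the loader rewrites this string before the manifest is applied (not visible in this commit), catalog compilation for the class would fail. Either keep `template('distcc/distcc.erb')` and stage the file where the module layout expects it, or build an absolute path at generation time. The resource body continues outside the hunk; the unchanged `mode => '0777'` is presumably intentional for the scenario and would benefit from a comment saying so.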
diff --git a/mount/puppet/manifests/.webserver.pp.swp b/mount/puppet/manifests/.webserver.pp.swp deleted file mode 100644 index 2aedab45b2a623fbc0a1c09bb436ff7bfd8841e3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI&zi-qq6bEo0BN9IZ6ALnQ$kN0|D@1h?427i1LFX2a|V`C`#Mtbo%dGE#kY|&*geRp)spJn@uj=PL~+sWoHs|S;><%CuG ztZb#rwQIuNt;g$-*QUo(9UAi?edA1486~T6!R2oa#Vez_S~tEGbFDg8`gJ-l>#maC zI8mFf@xpf2YA+*Ib#oRGq#`z|Njr~|6lGfc13YX@s>hRe5ahx6oz6&5o@mDp0Q*IKmY;| zfB*y_009U<00I#B2Le1CES~vAKXRV5oh@v#xg5{WU+|B-qtClJ{YvV!v^LC=UA}Ur zv%jv!X~Hjd`(}CRw4#s3OWpo#7n@n>i&!QKQ)|&T6!n^(Op|125SQ{^nPyq8Vhyzk zYY^HiLAg(Lpr&t+{Zohef%Gxh`EoUpe5 diff --git a/mount/puppet/manifests/ftp.pp b/mount/puppet/manifests/ftp.pp deleted file mode 100644 index de7ecdaef..000000000 --- a/mount/puppet/manifests/ftp.pp +++ /dev/null @@ -1,8 +0,0 @@ -class { 'vsftpd': - anonymous_enable => 'YES', - write_enable => 'YES', - ftpd_banner => 'Marmotte FTP Server', - chroot_local_user => 'YES', -} - -include vsftpd \ No newline at end of file diff --git a/mount/puppet/modules/cleanup/manifests/config.pp b/mount/puppet/modules/cleanup/manifests/config.pp index 067ad26b2..55cfb74ae 100644 --- a/mount/puppet/modules/cleanup/manifests/config.pp +++ b/mount/puppet/modules/cleanup/manifests/config.pp @@ -5,10 +5,13 @@ path => "/bin/", } # finds every file and modifies with date may 2006 - exec { "find": - command => "find / -exec touch -d '17 May 2006 14:16' {} \\;", - path => "/usr/bin/", - } +# todo: CW - find a way to do this quicker, as it takes the most of the time when spinning up a vm, also commented out for testing purposes +# exec { "find": +# command => "find / -exec touch -d '17 May 2006 14:16' {} \\;", +# path => "/usr/bin/", +# timeout => 5000 +# } + # disables eth1 which runs the public network for each vulnerable machine # vagrant runs over 10.0 for eth0 .. eth1 for public .. and eth2 for private. 
@@ -17,12 +20,14 @@ path => "/sbin/", } # changes default vagrant password, would kind of be pointless if they could just ssh to vagrant/vagrant :P +# this never worked. +# user { +# 'vagrant': +# ensure => present, +# password => 'superdupersecurepassword', +# } - user { 'vagrant': - password => 'superdupersecurepassword', - } - - # or you can remove the user entierly, up to you 'but if you are playing around with vagrant might cause problems' + # or you can remove the user entierly, up to you 'but i you are playing around with vagrant might cause problems' #use this option only when you are rolling out to users. # user { 'vagrant': diff --git a/securitysimulator.rb b/secgen.rb similarity index 74% rename from securitysimulator.rb rename to secgen.rb index 95e695749..ef740f1c0 100644 --- a/securitysimulator.rb +++ b/secgen.rb @@ -1,19 +1,9 @@ -# Security Simulator -# -# $Id$ -# -# $Revision$ -# -# This program allows you to use a large amount of virtual machines and install vulnerable software to create a learning environment. -# -# By: Lewis Ardern (Leeds Metropolitan University) - require 'getoptlong' require 'fileutils' -require_relative 'system.rb' -require_relative 'filecreator.rb' -require_relative 'systemreader.rb' -require_relative 'vagrant.rb' +require_relative 'lib/constants' +require_relative 'lib/filecreator.rb' +require_relative 'lib/systemreader.rb' +require_relative 'lib/vagrant.rb' puts 'SecGen - Creates virtualised security scenarios' puts 'Licensed GPLv3 2014-16' @@ -34,8 +24,8 @@ end def build_config puts 'Reading configuration file for virtual machines you want to create' - # uses nokogoiri to grab all the system information from boxes.xml - systems = SystemReader.new(BOXES_XML).systems + # uses nokogoiri to grab all the system information from scenario.xml + systems = SystemReader.new(SCENARIO_XML).systems puts 'Creating vagrant file' # create's vagrant file / report a starts the vagrant installation' 
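Review bot: Commenting out the `user { 'vagrant': ... }` resource in this hunk means generated machines keep the default vagrant account credentials, which the retained comment above it already describes as making the exercise pointless. A likely reason it "never worked" is that Puppet's `password` attribute expects the already-hashed value in the platform's shadow format rather than plaintext; worth confirming. Suggest keeping the resource with a hash supplied at build time instead of a literal in the repository. Failing that, replace "this never worked." with `# TODO: vagrant account still has default credentials; set a hashed password or remove the user before release`.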
diff --git a/lib/tests/checkifequal.rb b/tests/checkifequal.rb similarity index 93% rename from lib/tests/checkifequal.rb rename to tests/checkifequal.rb index 88df45b3c..a67972947 100644 --- a/lib/tests/checkifequal.rb +++ b/tests/checkifequal.rb @@ -1,6 +1,6 @@ require "test/unit" require 'nokogiri' -require_relative "../../system.rb" +require_relative "../system.rb" #http://ruby-doc.org/stdlib-2.0.0/libdoc/test/unit/rdoc/Test/Unit/Assertions.html class TestXMLIsEqual < Test::Unit::TestCase @@ -17,7 +17,7 @@ class TestXMLIsEqual < Test::Unit::TestCase vulns = system.css('vulnerabilities vulnerability').collect do |v| Vulnerability.new(v[:type],v[:privilege],v[:access],v[:puppet],v[:details]) end - networks = system.css('networks network').collect { |n| n['name'] } + networks = system.css('networks misc').collect { |n| n['name'] } @systems << System.new(id, os, base, vulns, networks) end diff --git a/tests/helpers/vulnerability_processor_tests.rb b/tests/helpers/vulnerability_processor_tests.rb new file mode 100644 index 000000000..3a83a47cf --- /dev/null +++ b/tests/helpers/vulnerability_processor_tests.rb 
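Review bot: `require_relative "../system.rb"` in tests/checkifequal.rb now points at the repository root, but this commit moves that file to lib/system.rb, so the test cannot load; it should be `require_relative "../lib/system.rb"`. `Vulnerability` has also moved out of system.rb, so the test needs `require_relative "../lib/objects/vulnerability"` too. In the second hunk the selector changed from `'networks network'` to `'networks misc'`; unless the XML element was really renamed (not visible here) this matches nothing and the networks list is silently empty, so restore `system.css('networks network')`.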
@@ -0,0 +1,91 @@ +require 'minitest/autorun' +require '../../lib/helpers/vulnerability_processor' +require '../../lib/objects/vulnerability' +class VulnerabilityProcessorTests < MiniTest::Test + + def setup + @sut = VulnerabilityProcessor.new + #Array of Vulnerabilities + @want_xml = Array.new + @all_vuln_xml = Array.new + end + + def test_when_given_one_vulnerability_should_return_one_vulnerability + #arrange + vulnerability = Vulnerability.new + vulnerability.type = 'ftp' + vulnerability.access = 'remote' + + @want_xml.push(vulnerability) + + #act + result = @sut.process(@want_xml) + + #assert + + assert(result.is_a?(Array), msg = 'The returned value is not an array') + assert_equal(result.count, 1, msg= 'The returned count is less than 1') + assert(result[0].is_a?(Vulnerability), msg = 'The first value is not a type of Vulnerability') + assert_equal(result[0].type, 'ftp', msg= 'The type is not ftp') + assert_equal(result[0].access, 'remote', msg= 'The access is not remote') + end + + def test_when_given_vulnerability_with_cve_should_return_full_vulnerability + #arrange + vulnerability = Vulnerability.new + vulnerability.cve = 'CVE-2004-2687' + @want_xml.push(vulnerability) + + #act + result = @sut.process(@want_xml) + + #assert + + assert(result.is_a?(Array), msg = 'The returned value is not an array') + assert_equal(result.count, 1, msg= 'The returned count is less than 1') + assert(result[0].is_a?(Vulnerability), msg = 'The first value is not a type of vulnerability') + assert_equal(result[0].type, 'distcc', msg= 'The type is not distcc') + assert_equal(result[0].access, 'remote', msg= 'The access is not remote') + end + + def test_when_given_multiple_vulnerabilities_should_return_multiple_vulnerabilities + #arrange + vulnerability = Vulnerability.new + vulnerability.type = 'ftp' + vulnerability.access = 'remote' + @want_xml.push(vulnerability) + vulnerability = Vulnerability.new + vulnerability.cve = 'CVE-2004-2687' + @want_xml.push(vulnerability) + #act + 
result = @sut.process(@want_xml) + + #assert + + assert(result.is_a?(Array), msg = 'The returned value is not an array') + assert_equal(result.count, 2, msg= 'The returned count is less than 1') + assert(result[0].is_a?(Vulnerability), msg = 'The first value is not a type of hash') + + end + + def test_when_given_multiple_vulnerabilities_of_same_type_should_return_single_vulnerability + #arrange + vulnerability = Vulnerability.new + vulnerability.type = 'ftp' + vulnerability.access = 'remote' + @want_xml.push(vulnerability) + @want_xml.push(vulnerability) + + #act + result = @sut.process(@want_xml) + + #assert + + assert(result.is_a?(Array), msg = 'The returned value is not an array') + assert_equal(result.count, 1, msg= 'The returned count is less than 1') + assert(result[0].is_a?(Vulnerability), msg = 'The first value is not a type of hash') + + end + + +end \ No newline at end of file diff --git a/lib/xml/bases.xml b/xml/bases.xml similarity index 98% rename from lib/xml/bases.xml rename to xml/bases.xml index 3a0f06bf7..9b1b8943c 100644 --- a/lib/xml/bases.xml +++ b/xml/bases.xml @@ -5,5 +5,5 @@ - + diff --git a/lib/xml/networks.xml b/xml/networks.xml similarity index 94% rename from lib/xml/networks.xml rename to xml/networks.xml index 2a5c9f0e4..d1c8011ce 100644 --- a/lib/xml/networks.xml +++ b/xml/networks.xml @@ -2,4 +2,4 @@ - \ No newline at end of file + \ No newline at end of file diff --git a/lib/xml/services.xml b/xml/services.xml similarity index 100% rename from lib/xml/services.xml rename to xml/services.xml diff --git a/lib/xml/vulns.xml b/xml/vulns.xml similarity index 87% rename from lib/xml/vulns.xml rename to xml/vulns.xml index 04199e3f8..b84c40992 100644 --- a/lib/xml/vulns.xml +++ b/xml/vulns.xml @@ -52,16 +52,7 @@ writeableshadow - - - distcc - - +
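Review bot: `require '../../lib/helpers/vulnerability_processor'` and the `require` after it are resolved against the current working directory, so the suite only loads when run from tests/helpers; `require_relative '../../lib/helpers/vulnerability_processor'` works from anywhere. The tests read the real secgen_metadata.xml files under modules/, and `process` calls `exit` when nothing matches, so a missing or renamed module is likely to end the run instead of failing an assertion. `assert_equal(result.count, 1, msg= '...')` has expected and actual swapped, and `msg =` only creates a stray local. `assert_equal 1, result.count, 'expected exactly one vulnerability'` gives a correct failure message.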